Event ID 44 & 64 Certificate Services Client AutoEnrollment

• Monday, November 29, 2010 9:25 PM

   

   
  

  0

  OK, I have a server 2008 SP2 32-bit running as the DC in our environment. I did not install Certificate Services. I did not install any certificate stuff that I know of so the DCPromo must have set all of this up... including a skeleton install of IIS as well.  I have a message that pops intot he App log every 8 hours that is the ID 64: Certificate for local system with Thumbprint 73 3d 35 06 62 8c 8e 56 73 2b 71 8c 4d 77 9a 74 05 34 b3 68 is about to expire or already expired.

  Sure enough if I go look in Certificates > Personal > Certificates (which I didn't even know was there) I see a servernamed certificate issued by our domain that is expired. However, when I right click on it and try to renew with a new key or the same key, I get the event ID 44: Certificate enrollment for Local system failed to open the user interface (The requested certificate template is not supported by this CA. 0x80094800 (-2146875392)).

  I assume this is needed by Windows 2008 or it wouldn't have put it there. What I can't seem to find anywhere, and yes I have looked quite extensively before posting, is how to correct this error and renew the thing or for someone to say, "Oh yeah, you don't really need that so you can remove it". Then of course I would need to know how to properly (not just right-click and delete) remove it from the server.  If it is needed, and I don't have Certificate Services installed, then what? Should I have certificate services installed and if so, why didn't the DCPromo process add it?

  To say I am a n00b when it comes to certs is true.  Sorry if the obvious is staring me in the face and I can't see it.

  • Reply
  • Quote